From mboxrd@z Thu Jan 1 00:00:00 1970
From: Andreas Unterkircher
Date: Fri, 11 Nov 2005 21:20:52 +0000
Subject: Re: [LARTC] passive FTP trafic control
Message-Id: <43750B34.9010409@netshadow.at>
References: <20051111132016.5299021b@pulsar.inexo.com.br>
In-Reply-To: <20051111132016.5299021b@pulsar.inexo.com.br>
To: lartc@vger.kernel.org

You could try to match on helper within iptables. Should be something like

iptables -A FORWARD --match conntrack --ctproto tcp --ctstate RELATED,ESTABLISHED --match helper --helper ftp -j CLASSIFY ....

Perhaps this will match your data channel.

Cheers,
Andreas

DervishD wrote:
> Hi Ethy :)
>
> * Ethy H. Brito dixit:
>
>> How to make sure that only FTP RELATED packets will be CLASSIFY'ed??
>
> I can only suggest that you limit the source ports available to
> passive FTP. In my FTP server this can be configured, but probably in
> other servers you can do it too. Once you do this, it's quite easy to
> setup a "tc filter" to mark packages (or iptables if you prefer).
>
> Raúl Núñez de Arenas Coronado
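An added example, not part of either message in this thread: a simplified Python model of why a helper-based match can single out the passive data channel, while a port-range match also catches unrelated traffic on the same ports. The class and function names, addresses and port range are hypothetical and constructed for illustration; this is not kernel or iptables code.

```python
import re

# 227 reply carries (h1,h2,h3,h4,p1,p2); data port = p1*256 + p2 (RFC 959).
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

# Constructed sample values (documentation address ranges), not from the thread.
CLIENT, SERVER = "192.0.2.10", "198.51.100.5"
SAMPLE_REPLY = "227 Entering Passive Mode (198,51,100,5,195,80)"

def parse_pasv(line):
    """Return (ip, port) announced in a 227 reply, or None if malformed."""
    m = PASV_RE.match(line.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

class FtpTracker:
    """Hypothetical, simplified model of an FTP helper's expectation table."""
    def __init__(self):
        self.expected = set()  # (client_ip, server_ip, server_port)

    def control_reply(self, client_ip, server_ip, line):
        """Feed one server-to-client line seen on the port 21 control channel."""
        parsed = parse_pasv(line)
        # Model assumption: ignore a data address that is not the server's own.
        if parsed and parsed[0] == server_ip:
            self.expected.add((client_ip, server_ip, parsed[1]))

    def classify_new(self, client_ip, server_ip, dport):
        """Label a new TCP connection; each expectation is consumed once."""
        key = (client_ip, server_ip, dport)
        if key in self.expected:
            self.expected.remove(key)
            return "ftp-data"
        return "other"

def port_range_match(dport, lo, hi):
    """The port-range alternative: matches anything inside the range."""
    return lo <= dport <= hi

def demo():
    t = FtpTracker()
    t.control_reply(CLIENT, SERVER, SAMPLE_REPLY)
    return [t.classify_new(CLIENT, SERVER, 50000),  # announced data port
            t.classify_new(CLIENT, SERVER, 50000),  # expectation already used
            t.classify_new(CLIENT, SERVER, 50001)]  # in range, never announced
```

In this model only the connection announced on the control channel is labelled as FTP data, whereas `port_range_match` accepts any connection that lands in the configured range.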